chase-miller · chase-miller · Apr 13, 2025
diff --git a/extensions/src/AWSSDK.Extensions.NETCore.Setup/AWSOptions.cs b/extensions/src/AWSSDK.Extensions.NETCore.Setup/AWSOptions.cs
@@ -13,7 +13,7 @@
  * permissions and limitations under the License.
  */
 using Amazon.Runtime;
-
+using AWSSDK.Extensions.NETCore.Setup;
 using Microsoft.Extensions.Logging;
 
 namespace Amazon.Extensions.NETCore.Setup
@@ -55,6 +55,11 @@ public class AWSOptions
         /// </summary>
         public string ExternalId { get; set; }
 
+        /// <summary>
+        ///
+        /// </summary>
+        public IAWSCredentialsFactory CredentialsFactory { get; set; }
+
         /// <summary>
         /// AWS Credentials used for creating service clients. If this is set it overrides the Profile property.
         /// </summary>

diff --git a/extensions/src/AWSSDK.Extensions.NETCore.Setup/ClientFactory.cs b/extensions/src/AWSSDK.Extensions.NETCore.Setup/ClientFactory.cs
@@ -21,6 +21,7 @@
 using Amazon.Runtime;
 using Amazon.Runtime.CredentialManagement;
 using Amazon.Runtime.Credentials.Internal;
+using AWSSDK.Extensions.NETCore.Setup;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -83,7 +84,8 @@ internal object CreateServiceClient(IServiceProvider provider)
         internal IAmazonService CreateServiceClient(ILogger logger, AWSOptions options)
         {
             PerformGlobalConfig(logger, options);
-            var credentials = CreateCredentials(logger, options);
+            var credentialsFactory = options.CredentialsFactory ?? new DefaultAWSCredentialsFactory(options, logger);
+            var credentials = credentialsFactory.Create();
 
             if (!string.IsNullOrEmpty(options?.SessionRoleArn))
             {
@@ -165,52 +167,6 @@ private static AmazonServiceClient CreateClient(AWSCredentials credentials, Clie
 #endif
         }
 
-        /// <summary>
-        /// Creates the AWSCredentials using either the profile indicated from the AWSOptions object
-        /// of the SDK fallback credentials search.
-        /// </summary>
-        /// <param name="logger"></param>
-        /// <param name="options"></param>
-        /// <returns></returns>
-        private static AWSCredentials CreateCredentials(ILogger logger, AWSOptions options)
-        {
-            if (options != null)
-            {
-                if (options.Credentials != null)
-                {
-                    logger?.LogInformation("Using AWS credentials specified with the AWSOptions.Credentials property");
-                    return options.Credentials;
-                }
-                if (!string.IsNullOrEmpty(options.Profile))
-                {
-                    var chain = new CredentialProfileStoreChain(options.ProfilesLocation);
-                    AWSCredentials result;
-                    if (chain.TryGetAWSCredentials(options.Profile, out result))
-                    {
-                        logger?.LogInformation($"Found AWS credentials for the profile {options.Profile}");
-                        return result;
-                    }
-                    else
-                    {
-                        logger?.LogInformation($"Failed to find AWS credentials for the profile {options.Profile}");
-                    }
-                }
-            }
-
-            var credentials = DefaultIdentityResolverConfiguration.ResolveDefaultIdentity<AWSCredentials>();
-            if (credentials == null)
-            {
-                logger?.LogError("Last effort to find AWS Credentials with AWS SDK's default credential search failed");
-                throw new AmazonClientException("Failed to find AWS Credentials for constructing AWS service client");
-            }
-            else
-            {
-                logger?.LogInformation("Found credentials using the AWS SDK's default credential search");
-            }
-
-            return credentials;
-        }
-
         /// <summary>
         /// Creates the ClientConfig object for the service client.
         /// </summary>

diff --git a/extensions/src/AWSSDK.Extensions.NETCore.Setup/DefaultAWSCredentialsFactory.cs b/extensions/src/AWSSDK.Extensions.NETCore.Setup/DefaultAWSCredentialsFactory.cs
@@ -0,0 +1,73 @@
+using Amazon.Extensions.NETCore.Setup;
+using Amazon.Runtime;
+using Amazon.Runtime.CredentialManagement;
+using Amazon.Runtime.Credentials.Internal;
+using Microsoft.Extensions.Logging;
+
+namespace AWSSDK.Extensions.NETCore.Setup
+{
+    /// <summary>
+    ///
+    /// </summary>
+    public class DefaultAWSCredentialsFactory : IAWSCredentialsFactory
+    {
+        private readonly AWSOptions _options;
+        private readonly ILogger _logger;
+
+        /// <summary>
+        /// Creates the AWSCredentials using either the profile indicated from the AWSOptions object
+        /// of the SDK fallback credentials search.
+        /// </summary>
+        /// <param name="logger"></param>
+        /// <param name="options"></param>
+        /// <returns></returns>
+        public DefaultAWSCredentialsFactory(AWSOptions options, ILogger logger = null)
+        {
+            _options = options;
+            _logger = logger;
+        }
+
+        /// <summary>
+        /// Creates the AWSCredentials using either AWSOptions.Credentials, AWSOptions.Profile + AWSOptions.ProfilesLocation,
+        /// or the SDK fallback credentials search.
+        /// </summary>
+        public AWSCredentials Create()
+        {
+            if (_options != null)
+            {
+                if (_options.Credentials != null)
+                {
+                    _logger?.LogInformation("Using AWS credentials specified with the AWSOptions.Credentials property");
+                    return _options.Credentials;
+                }
+                if (!string.IsNullOrEmpty(_options.Profile))
+                {
+                    var chain = new CredentialProfileStoreChain(_options.ProfilesLocation);
+                    AWSCredentials result;
+                    if (chain.TryGetAWSCredentials(_options.Profile, out result))
+                    {
+                        _logger?.LogInformation($"Found AWS credentials for the profile {_options.Profile}");
+                        return result;
+                    }
+                    else
+                    {
+                        _logger?.LogInformation($"Failed to find AWS credentials for the profile {_options.Profile}");
+                    }
+                }
+            }
+
+            var credentials = DefaultIdentityResolverConfiguration.ResolveDefaultIdentity<AWSCredentials>();
+            if (credentials == null)
+            {
+                _logger?.LogError("Last effort to find AWS Credentials with AWS SDK's default credential search failed");
+                throw new AmazonClientException("Failed to find AWS Credentials for constructing AWS service client");
+            }
+            else
+            {
+                _logger?.LogInformation("Found credentials using the AWS SDK's default credential search");
+            }
+
+            return credentials;
+        }
+    }
+}
diff --git a/extensions/src/AWSSDK.Extensions.NETCore.Setup/IAWSCredentialsFactory.cs b/extensions/src/AWSSDK.Extensions.NETCore.Setup/IAWSCredentialsFactory.cs
@@ -0,0 +1,15 @@
+using Amazon.Runtime;
+
+namespace AWSSDK.Extensions.NETCore.Setup
+{
+    /// <summary>
+    ///
+    /// </summary>
+    public interface IAWSCredentialsFactory
+    {
+        /// <summary>
+        /// Creates AWSCredentials
+        /// </summary>
+        AWSCredentials Create();
+    }
+}